31 research outputs found
Robustness against Power is PSPACE-complete
Power is a RISC architecture developed by IBM, Freescale, and several other
companies and implemented in a series of POWER processors. The architecture
features a relaxed memory model providing very weak guarantees with respect to
the ordering and atomicity of memory accesses.
Due to these weaknesses, some programs that are correct under sequential
consistency (SC) show undesirable effects when run under Power. We call these
programs not robust against the Power memory model. Formally, a program is
robust if every computation under Power has the same data and control
dependencies as some SC computation.
Our contribution is a decision procedure for robustness of concurrent
programs against the Power memory model. It is based on three ideas. First, we
reformulate robustness in terms of the acyclicity of a happens-before relation.
Second, we prove that among the computations with cyclic happens-before
relation there is one in a certain normal form. Finally, we reduce the
existence of such a normal-form computation to a language emptiness problem.
Altogether, this yields a PSPACE algorithm for checking robustness against
Power. We complement it by a matching lower bound to show PSPACE-completeness
Locality and Singularity for Store-Atomic Memory Models
Robustness is a correctness notion for concurrent programs running under
relaxed consistency models. The task is to check that the relaxed behavior
coincides (up to traces) with sequential consistency (SC). Although
computationally simple on paper (robustness has been shown to be
PSPACE-complete for TSO, PGAS, and Power), building a practical robustness
checker remains a challenge. The problem is that the various relaxations lead
to a dramatic number of computations, only few of which violate robustness.
In the present paper, we set out to reduce the search space for robustness
checkers. We focus on store-atomic consistency models and establish two
completeness results. The first result, called locality, states that a
non-robust program always contains a violating computation where only one
thread delays commands. The second result, called singularity, is even stronger
but restricted to programs without lightweight fences. It states that there is
a violating computation where a single store is delayed.
As an application of the results, we derive a linear-size source-to-source
translation of robustness to SC-reachability. It applies to general programs,
regardless of the data domain and potentially with an unbounded number of
threads and with unbounded buffers. We have implemented the translation and
verified, for the first time, PGAS algorithms in a fully automated fashion. For
TSO, our analysis outperforms existing tools
AUTSEG: Automatic Test Set Generator for Embedded Reactive Systems
Part 2: Tools and FrameworksInternational audienceOne of the biggest challenges in hardware and software design is to ensure that a system is error-free. Small errors in reactive embedded systems can have disastrous and costly consequences for a project. Preventing such errors by identifying the most probable cases of erratic system behavior is quite challenging. In this paper, we introduce an automatic test set generator called AUTSEG. Its input is a generic model of the target system, generated using the synchronous approach. Our tool finds the optimal preconditions for restricting the state space of the model. It only works locally on significant subspaces. Our approach exhibits a simpler and efficient quasi-flattening algorithm than existing techniques and a useful compiled form to check security properties and reduce the combinatorial explosion problem of state space. To illustrate our approach, AUTSEG was applied to the case of a transportation contactless card
Recommended from our members
Retinal lipid and glucose metabolism dictates angiogenesis through the lipid sensor Ffar1
Tissues with high metabolic rates often use lipids, as well as glucose, for energy, conferring a survival advantage during feast and famine1. Current dogma suggests that high-energy–consuming photoreceptors depend on glucose2, 3. Here we show that the retina also uses fatty acid β-oxidation for energy. Moreover, we identify a lipid sensor, free fatty acid receptor 1 (Ffar1), that curbs glucose uptake when fatty acids are available. Very-low-density lipoprotein receptor (Vldlr), which is present in photoreceptors4 and is expressed in other tissues with a high metabolic rate, facilitates the uptake of triglyceride-derived fatty acid5, 6. In the retinas of Vldlr−/− mice with low fatty acid uptake6 but high circulating lipid levels, we found that Ffar1 suppresses expression of the glucose transporter Glut1. Impaired glucose entry into photoreceptors results in a dual (lipid and glucose) fuel shortage and a reduction in the levels of the Krebs cycle intermediate α-ketoglutarate (α-KG). Low α-KG levels promotes stabilization of hypoxia-induced factor 1a (Hif1a) and secretion of vascular endothelial growth factor A (Vegfa) by starved Vldlr−/− photoreceptors, leading to neovascularization. The aberrant vessels in the Vldlr−/− retinas, which invade normally avascular photoreceptors, are reminiscent of the vascular defects in retinal angiomatous proliferation, a subset of neovascular age-related macular degeneration (AMD)7, which is associated with high vitreous VEGFA levels in humans. Dysregulated lipid and glucose photoreceptor energy metabolism may therefore be a driving force in macular telangiectasia, neovascular AMD and other retinal diseases
Counter-Example Guided Fence Insertion under TSO
UPMARCWeak Memory Model
A Verification-Based Approach to Memory Fence Insertion in PSO Memory Systems
peer reviewedThis paper addresses the problem of verifying and correcting programs when they
are moved from a sequential consistency execution environment to a relaxed
memory context. Specifically, it considers the PSO (Partial Store Order)
memory model, which corresponds to the use of a store buffer for each shared
variable and each process. We also will consider, as an intermediate step, the
TSO (Total Store Order) memory model, which corresponds to the use of one store
buffer per process.
The proposed approach extends a previously developed verification tool that uses
finite automata to symbolically represent the possible contents of the store
buffers. Its starting point is a program that is correct for the usual
Sequential Consistency (SC) memory model, but that might be incorrect under PSO with
respect to safety properties.
This program is then first analyzed and corrected for the TSO memory model, and
then this TSO-safe program is analyzed and corrected under PSO, producing a
PSO-safe program. To obtain a TSO-safe program, only store-load fences (TSO
only allows store-load relaxations) are introduced into the program. Finaly, to
produce a PSO-safe program, only store-store fences (PSO
additionally allows store-store relaxations) are introduced.
An advantage of our technique is that the underlying symbolic verification tool
makes a full exploration of program behaviors possible even for cyclic
programs, which makes our approach broadly applicable. The method has been
tested with an experimental implementation and can effectively handle a series
of classical examples